'Appln. Serial No. 09/881,604 
Amendment Dated February 1 , 2007 
Reply to Office Action Mailed November 1 , 2006 



AMENDMENTS TO THE CLAIMS 
This listing of claims replaces all prior versions, and listings, of claims in the application: 

1 1. (Previously Presented) A method of dynamically protecting access to a first 

2 network, comprising: 

3 receiving, in a system, a data unit containing a source address indicating a source 

4 of a data unit; 

5 matching the source address with information stored in the system; 

6 enabling entry of the data unit to the first network for communication to a 

7 destination device on the first network if the source address matches the information stored in the 

8 system and denying entry of the data unit to the first network if the source address does not 

9 match the information stored in the system, 

10 wherein the destination device is separate from the system; 

1 1 determining whether the data unit contains an identifier of a codec type that 

12 matches a stored codec type; and 

13 indicating occurrence of an attack of the first network in response to determining 

14 that the identifier is of a codec type that does not match the stored codec type. 

1 2. (Original) The method of claim 1, wherein matching the source address with the 

2 information comprises matching the source address with one or more entries of a network 

3 address translation mapping table. 

1 3. (Original) The method of claim 1, wherein matching the source address 

2 comprises matching an Internet Protocol address. 

1 4. (Cancelled) 
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1 5. (Currently Amended) A method of dynamically protecting access to a first 

2 network, comprising: 

3 receiving, in a system, a data unit containing a source address indicating a source 

4 of the data unit; 

5 matching, by an address filter in the system, the source address with information 

6 stored in the system; 

7 enabling, by the address filter, entry of the data unit to the first network if the 

8 source address matches the information stored in the system and denying entry of the data unit to 

9 the first network if the source address does not match the information stored in the system; and 

10 determining, by a protocol filter, if the data unit contains a payload according to a 

1 1 predetermined protocol, and denying, by the protocol filter, entry of the data unit if the data unit 

12 does not contain the payload according to the predetermined protocol. 

1 6. (Original) The method of claim 5, wherein determining if the data unit contains a 

2 payload according to the predetermined protocol comprises determining if the data unit contains 

3 a payload according to a Real-Time Protocol or Real-Time Control Protocol. 

1 7. (Currently Amended) A method of dynamically protecting access to a first 

2 network, comprising: 

3 receiving, in a system, a data unit containing a source address indicating a source 

4 of a data unit; 

5 matching the source address with information stored in the system; 

6 enabling entry of the data unit to the first network if the source address matches 

7 the information stored in the system and denying entry of the data unit to the first network if the 

8 source address does not match the information stored in the system; and 

9 storing profile information for a telephony call session, and determining if an 
10 unauthorized access of the first network is occurring based on the profile information. 
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1 8. (Original) The method of claim 7, wherein storing the profile information 

2 comprises storing a threshold representing a maximum acceptable rate of incoming data units 

3 from an external network to the first network. 

1 9. (Original) The method of claim 8, further comprising calculating a value for the 

2 threshold based on a frame size used in the call session. 

1 10. (Original) The method of claim 8, wherein storing the profile information further 

2 comprises storing a pattern expected in incoming data units. 

1 11. (Original) The method of claim 10, wherein storing the pattern comprises storing 

2 a codec type used in the call session. 

1 12. (Original) The method of claim 8, further comprising generating an alarm if the 

2 system detects a rate of incoming data units from the external network to the first network 

3 exceeding the threshold. 

1 13. (Original) The method of claim 8, further comprising denying further transport of 

2 incoming data units from the external network to the first network for the call session if the 

3 system detects a rate of incoming data units from the external network to the first network 

4 exceeding the threshold. 

1 14.-18. (Cancelled) 
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1 19. (Previously Presented) An article comprising at least one storage medium 

2 containing instructions for protecting a first network, the instructions when executed causing a 

3 system to: 

4 determine if a rate of incoming data units from an external network to the first 

5 network exceeds a predetermined threshold; 

6 perform a security action if the determined rate of incoming data units exceeds the 

7 predetermined threshold; and 

8 determine if each incoming packet has a predetermined pattern, 

9 wherein the instructions when executed cause the system to determine if each 

10 incoming packet has the predetermined pattern by checking if each incoming packet has an 

1 1 indication of a predetermined codec type. 

1 20.-24. (Cancelled) 

1 25. (Previously Presented) A system for use in communications between a first 

2 network and an external network, comprising: 

3 a storage module to store a threshold value for a communications session, the 

4 threshold value representing an acceptable rate of incoming data units from the external network 

5 to the first network; and 

6 a controller adapted to deny further entry of data units from the external network 

7 to the first network in the communications session in response to the controller detecting that the 

8 rate of incoming data units exceeds the threshold value, 

9 the storage module to further store a codec type for the communications session, 

10 wherein the controller is adapted to deny entry of an incoming data unit if the incoming data unit 

1 1 does not contain an indication of the codec type. 

1 26. (Cancelled) 
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